Skillget

VulnMCP

mcp
Security Audit
Pass
Health Pass
  • License — License: AGPL-3.0
  • Description — Repository has a description
  • Active repo — Last push 0 days ago
  • Community trust — 13 GitHub stars
Code Pass
  • Code scan — Scanned 12 files during light audit, no dangerous patterns found
Permissions Pass
  • Permissions — No dangerous permissions requested
Purpose
This MCP server provides AI clients with modular tools for vulnerability management. It automates severity and CWE classification using NLP models, and queries external vulnerability databases (like Vulnerability Lookup, CISA KEV, and GCVE) to deliver actionable security insights.

Security Assessment
The overall risk is Low. The automated code scan (12 files) found no dangerous patterns, no hardcoded secrets, and the tool does not request any dangerous system permissions. It does not execute local shell commands or access sensitive local files. However, by design, it requires network requests to function properly. It communicates with external APIs (such as vulnerability.circl.lu, gcve.eu) and downloads remote AI models from Hugging Face to perform its text analysis.

Quality Assessment
The project demonstrates solid health and maintenance. It was updated very recently (last push was today), indicating active development. The repository is properly licensed under AGPL-3.0 and includes a clear, comprehensive description and usage instructions. While it is a relatively new tool with a small community footprint (13 GitHub stars), it was built using established libraries like FastMCP and relies on recognized security data sources like CIRCL.

Verdict
Safe to use.
SUMMARY

A modular MCP server providing AI-driven vulnerability management skills, including severity classification and automated insights.

README.md

VulnMCP logo

VulnMCP

VulnMCP is an MCP server built with FastMCP that provides AI clients, chat agents, and other automated systems with tools for vulnerability management. It offers modular "skills" that can be easily extended or integrated, enabling intelligent analysis and automated insights on software vulnerabilities.

Features

  • Vulnerability Severity Classification -- Automatically assess the criticality of vulnerabilities using CIRCL's fine-tuned NLP models:
    CIRCL/vulnerability-severity-classification-roberta-base (English) and CIRCL/vulnerability-severity-classification-chinese-macbert-base (Chinese).
  • CWE Classification -- Predict CWE categories from vulnerability descriptions using CIRCL/cwe-parent-vulnerability-classification-roberta-base.
  • Vulnerability Lookup -- Query the Vulnerability Lookup API to get detailed information about specific CVEs or search vulnerabilities by source, CWE, product, or date.
  • KEV Catalog -- Browse and filter Known Exploited Vulnerability (KEV) entries, check whether a CVE appears in a KEV catalog, find recently added entries, and filter by catalog origin (CISA KEV, CIRCL, EUVD KEV).
  • GCVE Registry -- Query the GCVE Global Numbering Authority (GNA) registry and references to discover vulnerability allocators and KEV catalog identifiers.
  • Modular Architecture -- Easily add new skills or tools to expand the functionality of the MCP server.

Installation

Requires Python 3.10+ and Poetry v2+.

git clone https://github.com/vulnerability-lookup/VulnMCP.git
cd VulnMCP
poetry install

Running the MCP server

stdio (default)

The default transport, used by most MCP clients (Claude Code, Claude Desktop, etc.):

poetry run vulnmcp

HTTP transport

For network access or multiple concurrent clients:

poetry run fastmcp run vulnmcp/server.py --transport http --host 127.0.0.1 --port 9000

Available tools

Tool Description
classify_severity Classify vulnerability severity (low/medium/high/critical) from a text description. Supports English and Chinese with auto-detection.
classify_cwe Predict CWE categories from a vulnerability description. Returns top-5 predictions with parent CWE mapping.
get_recent_vulnerabilities_by_cwe Fetch the 3 most recent CVEs for a given CWE ID.
get_vulnerability Look up a specific vulnerability by ID (e.g. CVE-2025-14847) with optional comments, sightings, bundles, linked vulnerabilities, and KEV enrichment.
search_vulnerabilities Search vulnerabilities with filters: source, CWE, product, date range, pagination, and optional KEV-aware prioritization.
search_sightings Search vulnerability sightings (seen/exploited/patched/etc.) with filters to identify what is actively discussed or abused.
create_sighting Create a new sighting for a vulnerability (requires API permissions on most instances).
get_most_sighted_vulnerabilities Retrieve a ranking of vulnerabilities by sighting activity to help prioritize important issues.
list_kev_entries List and filter KEV catalog entries by vulnerability ID, status reason, exploited flag, date range, author, or origin catalog UUID.
guess_cpes Query cpe-guesser with product keywords to infer likely CPE identifiers.
list_gna_entries List all Global Numbering Authorities (GNA) from the GCVE registry.
get_gna_entry Get a specific GNA entry by numeric ID or exact short name.
search_gna Search GNA entries by name (case-insensitive substring match).
list_gcve_references List GCVE references including KEV catalog UUIDs for use with list_kev_entries.

List all tools:

poetry run fastmcp list vulnmcp/server.py

Testing tools from the command line

Use fastmcp call to invoke any tool directly:

# Look up a specific CVE
poetry run fastmcp call vulnmcp/server.py get_vulnerability vulnerability_id=CVE-2025-14847

# Search for recent SQL injection vulnerabilities
poetry run fastmcp call vulnmcp/server.py search_vulnerabilities cwe=CWE-89 per_page=5

# Retrieve top most-sighted vulnerabilities
poetry run fastmcp call vulnmcp/server.py get_most_sighted_vulnerabilities limit=5

# Check if a CVE is in a KEV catalog
poetry run fastmcp call vulnmcp/server.py list_kev_entries vuln_id=CVE-2021-44228

# List recent KEV entries from the last week
poetry run fastmcp call vulnmcp/server.py list_kev_entries date_from=2026-03-18 per_page=5

# List KEV entries from the CISA KEV catalog only
poetry run fastmcp call vulnmcp/server.py list_kev_entries vulnerability_lookup_origin=405284c2-e461-4670-8979-7fd2c9755a60 per_page=5

# Guess likely CPE values from product keywords
poetry run fastmcp call vulnmcp/server.py guess_cpes query='["outlook","connector"]'

# List all GNA entries from the GCVE registry
poetry run fastmcp call vulnmcp/server.py list_gna_entries

# Look up a specific GNA by short name
poetry run fastmcp call vulnmcp/server.py get_gna_entry short_name=CIRCL

# Search GNA entries
poetry run fastmcp call vulnmcp/server.py search_gna query=cert

# List GCVE references (includes KEV catalog UUIDs)
poetry run fastmcp call vulnmcp/server.py list_gcve_references

# Classify severity from a description
poetry run fastmcp call vulnmcp/server.py classify_severity \
    description="A remote code execution vulnerability allows an attacker to execute arbitrary code via a crafted JNDI lookup."

# Classify CWE from a description
poetry run fastmcp call vulnmcp/server.py classify_cwe \
    description="Fix buffer overflow in authentication handler"

Connecting to Claude Code

Register VulnMCP as an MCP server in Claude Code with:

claude mcp add vulnmcp -- poetry --directory /path/to/VulnMCP run vulnmcp

Or with fastmcp install:

poetry run fastmcp install claude-code vulnmcp/server.py --name VulnMCP

Once registered, the tools are available to Claude Code. You can verify with:

claude mcp list

Configuration

Environment variable Description Default
VULNMCP_LOOKUP_URL Base URL for the Vulnerability Lookup API https://vulnerability.circl.lu
VULNMCP_CPE_GUESSER_URL Base URL for the cpe-guesser API https://cpe-guesser.cve-search.org
VULNMCP_API_KEY API key used for authenticated actions such as creating sightings (unset)

Contributing

Please read CONTRIBUTING.md before opening a pull request.

Note: this repository currently runs an experiment where only computer-assisted (AI-related) contributions are accepted.

License

AGPL-3.0-or-later

Reviews (0)

No results found